Roles with the following permissions can access Unified Search:
Grants access to BigPanda Unified search.
To learn more about how BigPanda's permissions work, see the RBAC - Role Based Access Control guide.
- Search monitoring data across multiple source systems at the same time.
- Search historical data up to three months old.
- Pinpoint an exact time frame by selecting a start and end time.
- Visualize the life cycle of relevant incidents with timelines embedded in search results.
- Use BigPanda Query Language (BPQL) to create advanced queries and find values in any standard or custom tag.
- Filter and sort results to target the most relevant data.
- View sharing information, including the number of shares, who shared it, and how and when it was shared.
- Search for specific words or phrases found in the incident's comments.
Unified search finds all incidents that were active during the selected time frame—not just those that started and ended within it—and that currently match the search criteria. For example, if you search for host = hostname.com in a time frame of the last seven days, the results will include incidents for the host that were active at any time within the time frame, even if they are no longer active. The search results show the current state of the incident and the related alerts.
BigPanda normalizes alert data into attributes called tags. Use BPQL to search for values in any standard or custom tag and to create advanced queries. As you type, the search bar displays suggested tags and monitoring system names that are relevant to your search. To learn more about a tag, you can view an alert in the BigPanda UI or reference the documentation on standard tags for an integration.
Use BigPanda to help with problem investigation, resolution, and prevention. For example:
- Real-time problem investigation—search for recent incidents with similar properties to find the root cause of an active incident faster.
- Post-mortem problem investigation—review related data several days later to determine if a major incident could have been avoided.
- Proactive problem management—search across normalized historical data from multiple sources to look for complex patterns and identify system issues that lead to service disruptions.
Suppose you are trying to find the root cause of an outage on your corporate site. A search of all active and recent incidents may be too broad to help you resolve the problem. With unified search, you can apply successive filters and search criteria to narrow the scope of your investigation to the most relevant information.
You may know the time when the failure was reported, which allows you to estimate a time frame when the root cause of the outage may have occurred. You may also know which tools monitor the infrastructure supporting the website, so you can filter your results to see only those incidents. Finally, you can search for incidents with alerts that match the affected service.
By adding criteria to your search, you can quickly eliminate irrelevant data and target the information you need. Each matching incident contains correlated, highly related alerts, and the search results show the life cycles of these alerts on a timeline. This visualization makes it easier to find the originating alert, which may point to the root cause. Notice that the originating alert can fall outside of your estimated time frame and, because it is intelligently correlated with related alerts, you can still find it and use the related data to help you resolve the problem.
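The time-frame rule and the narrowing steps described above can be modelled locally as follows. This is an added example, not BigPanda code or its API; the incident and alert field names, the source names `monitor_a` and `monitor_b`, and all sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not BigPanda's schema.
T0 = datetime(2024, 5, 10, 12, 0)  # time the outage was reported (constructed)

def alert(source, host, service, start_h, end_h=None):
    """Build one alert; hours are offsets from T0, end_h=None means still open."""
    return {"source": source, "host": host, "service": service,
            "start": T0 + timedelta(hours=start_h),
            "end": None if end_h is None else T0 + timedelta(hours=end_h)}

INCIDENTS = [
    {"id": "inc-1", "alerts": [alert("monitor_a", "db01", "web", -30, -1),
                               alert("monitor_a", "web01", "web", -2)]},
    {"id": "inc-2", "alerts": [alert("monitor_a", "web02", "web", -200, -190)]},
    {"id": "inc-3", "alerts": [alert("monitor_b", "mail01", "mail", -3, -1)]},
]

def span(incident):
    """Incident life cycle: earliest alert start to latest alert end (None = open)."""
    starts = [a["start"] for a in incident["alerts"]]
    ends = [a["end"] for a in incident["alerts"]]
    return min(starts), (None if None in ends else max(ends))

def active_during(incident, win_start, win_end):
    """Overlap test: active at any time in the window, not only contained in it."""
    start, end = span(incident)
    return start <= win_end and (end is None or end >= win_start)

def search(incidents, win_start, win_end, source=None, **tags):
    """Apply successive filters: time frame, then source system, then tag values."""
    hits = [i for i in incidents if active_during(i, win_start, win_end)]
    if source:
        hits = [i for i in hits if any(a["source"] == source for a in i["alerts"])]
    for key, value in tags.items():
        hits = [i for i in hits if any(a.get(key) == value for a in i["alerts"])]
    return hits

def originating_alert(incident):
    """Earliest alert in the incident; it may start before the search window."""
    return min(incident["alerts"], key=lambda a: a["start"])
```

With a six-hour window ending at `T0`, `inc-1` is returned even though its first alert began 30 hours earlier, and `originating_alert` surfaces that earlier alert on `db01`.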